Re: Your security@ needs YOU!

2019-09-24 Thread John Kinsella
HI. WHAT'S WITH THE YELLING? :) I'm already on security@ and I actively monitor what goes there. About 6 weeks ago a message came through which I missed and nobody else responded to until ASF security reminded us about the post this morning. While having people who "can/will do something" about i

Re: John Kinsella and Wido den Hollander now ASF members

2018-05-03 Thread John Kinsella
Thanks David and everyone - it really means a lot to me. Will continue to support and evangelize CloudStack and the ASF where I can! John > On May 2, 2018, at 8:57 AM, David Nalley wrote: > > Hi folks, > > As noted in the press release[1] John Kinsella and Wido den Hollan

New committer: Dag Sonstebo

2018-03-20 Thread John Kinsella
The Project Management Committee (PMC) for Apache CloudStack has invited Dag Sonsteboto become a committer and we are pleased to announce that he has accepted. I’ll take a moment here to remind folks that being an ASF committer isn’t purely about code - Dag has been helping out for quite a while o

Re: [DISCUSS][PROPOSAL] CA authority plugin definition

2017-04-14 Thread John Kinsella
I’d suggest taking a look at using Dogtag[1] as well. Actually, that’s what the Other Guys also suggest[2]. 1: http://pki.fedoraproject.org/wiki/PKI_Main_Page 2: https://wiki.openstack.org/wiki/PKI > On Apr

Re: re-introduction

2017-02-01 Thread John Kinsella
Welcome back! :) > On Feb 1, 2017, at 12:26 AM, Daan Hoogland > wrote: > > Hello, > > > My name is Daan Hoogland. I've been mostly out of the community since May > last year. I am now back through the generous sponsorship of my new employer > and will be working (mostly) as developer on clo

Re: [DISCUSS] Bountycastle upgrade

2016-12-01 Thread John Kinsella
2 thoughts: 1) I know this is partially git’s fault on the diff, and I know this is a standard gripe from me, but for reviewers things are much easier if syntax/whitespace changes are separated out into a separate patch from logic/functionality. 2) One thing that caught my eye was the SHA-1 use

CVE-2016-6813: Apache CloudStack registerUserKeys authorization vulnerability

2016-10-27 Thread John Kinsella
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 CVE-2016-6813: Apache CloudStack registerUserKeys authorization vulnerability CVSS v3: 9.1 (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L) Vendors: The Apache Software Foundation Accelerite, Inc Versions affected: CloudStack versions 4.1 and newer are affec

CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability

2016-06-09 Thread John Kinsella
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability CVSS v2: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) Vendors: The Apache Software Foundation Accelerite, Inc Versions affected: CloudStack versions 4.5.0 and newer Description: Apache Clou

Fwd: [DISCUSS] Move from OpenSSL to LibreSSL

2016-02-05 Thread John Kinsella
ate: February 4, 2016 at 11:43:07 PM PST > To: John Kinsella > > Thank you for explanation, John. > > I am not involved into CS security assessment, but existing architecture > makes me feel safe, because SSVM and VR and any other system VM is accessible > (by SSH) only fr

Two late-announced security advisories

2016-02-04 Thread John Kinsella
Folks - I just sent out 2 security advisories that should have been sent out several months ago - luckily the ASF security team was aware of them and prodded the ACS security team as to what was up. Earlier today I realized the announcements hadn’t gone out, so they were just sent. I just put u

CVE-2015-3251: Apache CloudStack VM Credential Exposure

2016-02-04 Thread John Kinsella
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 CVE-2015-3251: Apache CloudStack VM Credential Exposure CVSS v2: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P) Vendors: The Apache Software Foundation Citrix, Inc. Versions Affected: Apache CloudStack 4.4.4, 4.5.1 Description: Apache CloudStack provides an A

CVE-2015-3252: Apache CloudStack VNC authentication issue

2016-02-04 Thread John Kinsella
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 CVE-2015-3252: Apache CloudStack VNC authentication issue CVSS v2: 4.3 (AV:N/AC:H/Au:M/C:P/I:P/A:P) Vendors: The Apache Software Foundation Citrix, Inc. Versions Affected: Apache CloudStack 4.4.4, 4.5.1 Description: Apache CloudStack sets a VNC

Re: [RESULT][VOTE] Apache CloudStack 4.7.0

2016-02-04 Thread John Kinsella
Did the announcements for 4.7/4.8 go out? I don’t see them on the mailing lists or elsewhere? > On Dec 17, 2015, at 8:37 AM, Remi Bergsma wrote: > > Hi all, > > After 72 hours, the vote for CloudStack 4.7.0 [1] *passes* with 5 PMC + 1 > non-PMC votes. > > +1 (PMC / binding) > * Wilder > * Wi

[DISCUSS] Move from OpenSSL to LibreSSL

2016-02-03 Thread John Kinsella
Folks - another OpenSSL vulnerability was announced last week[1]. I believe our current SSVMs are running Wheezy, so they should be OK according to [2]. This makes me ponder, though: Should we consider moving to LibreSSL[3] in the future? For those not familiar, it’s a fork of OpenSSL with more

Re: cloudstack vulnerable by COLLECTIONS-580?

2015-11-10 Thread John Kinsella
Thanks for sending this, Rene. In the future, please send issues like this to secur...@cloudstack.apache.org. We’re looking things over, and will have further comments after review. John On Nov 10, 2015, at 6:07 AM, Rene Moser mailto:m...@renemoser.net>>

Xen security issue

2015-11-02 Thread John Kinsella
Folks running paravirtualized VMs on Xen (3.4 and newer) hosts need to patch to protect against a new vulnerability that allows an admin in a VM to escape up to the host: http://xenbits.xen.org/xsa/advisory-148.html John Stratosec - Secure Finance and Healthcare Clouds http://stratosec.co o: 41

Re: [Proposal] Replacing Openswan ipsec with Strongswan ipsec

2015-07-24 Thread John Kinsella
+1. The config formats are sometimes a little different, but overall functionality is similar. This should be fairly transparent to the end user, as the configurations are (usually) generated by ACS. John > On Jul 24, 2015, at 3:10 PM, Jayapal Reddy Uradi > wrote: > > Hi All, > > Openswan i

Re: openssl/cloudstack

2015-07-11 Thread John Kinsella
Update - looks like there’s no exposure to the vulnerability for us. The Debian images we use do not use a vulnerable version of OpenSSL. Thanks for the patience! John On Jul 10, 2015, at 10:19 AM, John Kinsella mailto:j...@stratosec.co>> wrote: Folks - just put up a brief blog post

openssl/cloudstack

2015-07-10 Thread John Kinsella
Folks - just put up a brief blog post about the latest OpenSSL issue and how that affects CloudStack. Long story short - we think it does, but are verifying that. Hopefully will have an update by the end of the day. https://blogs.apache.org/cloudstack/entry/cloudstack_and_openssl_cve_2015 Will

Re: Access to ACS security issues

2015-06-10 Thread John Kinsella
the security list, haven’t got an reply yet. > > Do you need to know which issues did Glenn create? Please, let me know and we > will provide you the URLs. > > Thanks in advance. > > Cheers, > Wilder > >> On 10 Jun 2015, at 19:00, John Kinsella wrote: >>

Re: Access to ACS security issues

2015-06-10 Thread John Kinsella
+1. We can run queries for security issues, but that requires a more proactive stance than (at least some of us) honestly have. Send a note to the list mentioned…we don’t bite. :) John > On Jun 10, 2015, at 5:20 AM, David Nalley wrote: > > Any chance we can get Glenn to follow our security vu

Re: refresh browser - logged out from ACS ?

2015-05-28 Thread John Kinsella
Thanks for bringing the topic up. As it’s not related to a specific vulnerability or something that needs to be discussed in private, I’ll keep the conversation on dev@. Generally I’m happy to see discussions about security design happen in public so all can learn. This convo hit my filters so I

Re: ACS 4.5 Release [URGENT]

2015-03-10 Thread John Kinsella
I can’t think of a reason to provide packages? People will go looking for them, so maybe document somewhere the reason for skipping… On Mar 10, 2015, at 9:27 AM, Wido den Hollander mailto:w...@widodh.nl>> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/10/2015 04:56 PM, David Nal

Re: ACS 4.5 Release [URGENT]

2015-03-10 Thread John Kinsella
+1 > On Mar 10, 2015, at 8:56 AM, David Nalley wrote: > > So 4.5.0 has shipped - it's been propagated to hundreds of mirrors, > and undoing that is not trivial. > IMO, we should patch, and kick out another RC for 4.5.1 (or 4.5.0.1 I suppose) > > Version numbers are cheap to increment. > > --Da

Re: New SSL vulnerability #FREAK

2015-03-03 Thread John Kinsella
Thanks for confirmation, Eric Pardon any typos - sent from mobile device Stratosec o: 415.315.9385 @johnlkinsella On Mar 3, 2015, at 10:59 PM, Erik Weber mailto:terbol...@gmail.com>> wrote: On Wed, Mar 4, 2015 at 2:21 AM, Nux! mailto:n...@

Re: New SSL vulnerability #FREAK

2015-03-03 Thread John Kinsella
Pardon any typos - sent from mobile device Stratosec - Compliance as a Service o: 415.315.9385 @johnlkinsella On Mar 3, 2015, at 10:59 PM, Erik Weber mailto:terbol...@gmail.com>> wrote: On Wed, Mar 4, 2015 at 2:21 AM, Nux! mailto:n...@li.

Re: New SSL vulnerability #FREAK

2015-03-03 Thread John Kinsella
I don't *think* ACS is vulnerable, but haven't gotten a chance to confirm that yet. Excuse any typos - sent from mobile device > On Mar 3, 2015, at 17:23, Nux! wrote: > > https://freakattack.com/ > > That time of the month again. Secure your stuff, folks. > > -- > Sent from the Delta quadra

Re: [32/50] [abbrv] git commit: updated refs/heads/feature/systemvm-persistent-config to 4fe7264

2015-02-04 Thread John Kinsella
Would be nice if we weren’t setting a static VRRP password... John > On Feb 4, 2015, at 12:28 PM, d...@apache.org wrote: > > Fix router priority using the same logic as the one for the state > Fix the router state. do not show UNKNOW, but MASTER or BACKUP depending on > the type of router > Im

Re: [DISCUSS] we need a better SSVM solution

2015-01-29 Thread John Kinsella
of template > a. the console proxy and secondary storage template > b. the virtual router/ VPC template. > > > > Regards > > Paul Angus > Cloud Architect > S: +44 20 3603 0540 | M: +447711418784 | T: CloudyAngus > paul.an...@shapeblue.com > > -Original Me

Re: [DISCUSS] we need a better SSVM solution

2015-01-29 Thread John Kinsella
these components > with less human QA. > > Regards. > >> On 29-Jan-2015, at 2:14 am, John Kinsella wrote: >> >> Every time there’s an issue (security or otherwise) with the system VM ISOs, >> it’s a relative pain to fix. They’re sort of a closed system, peo

Re: Ghost glibc vulnerability and CloudStack

2015-01-28 Thread John Kinsella
https://blogs.apache.org/cloudstack/entry/cloudstack_and_the_ghost_glibc has now been updated with links to download the updated SSVM John On Jan 28, 2015, at 11:55 AM, John Kinsella mailto:j...@stratosec.co>> wrote: There’s a new vulnerability out in most Linux distributions th

[DISCUSS] we need a better SSVM solution

2015-01-28 Thread John Kinsella
Every time there’s an issue (security or otherwise) with the system VM ISOs, it’s a relative pain to fix. They’re sort of a closed system, people know little (relative to other ACS parts, IMHO) about their innards, and updating them is more difficult than it should be. I’d love to see a Better

Ghost glibc vulnerability and CloudStack

2015-01-28 Thread John Kinsella
There’s a new vulnerability out in most Linux distributions that has potential to be fairly severe. As it affects most Linux distributions, we’re putting mitigation steps out immediately at [1]. This affects many Linux distributions, so please review management servers, databases, storage syste

Reminder: potential security issues

2015-01-21 Thread John Kinsella
Everyone - we’ve[1] noticed a commit recently that's related to improving the security of CloudStack (I’m referring to the timing attack commit). We love seeing folks have an interest in the security of CloudStack - the one request we make is if your work improves the security of ACS or patc

Re: pnfs support?

2015-01-15 Thread John Kinsella
2015, at 11:59 PM, Sebastien Goasguen wrote: > > pNFS is more in the Lustre, GPFS landscape, supposed to be a real parallel > file system with all posix semantics supported. > > ..but I never used it… > > everyone has been waiting on CephFS :) > > On Jan 14, 2015

pnfs support?

2015-01-14 Thread John Kinsella
Somebody in the silicon valley meetup just asked about pNFS [1] - I’d never heard of it, but sounds interesting and in theory would negate a lot of the ugliness of NFS. Curious if anybody else is familiar with it, or if there’s a general interest in having support in ACS? John 1: http://www.pn

Upgrade your git clients

2014-12-18 Thread John Kinsella
Folks - just heard of a vulnerability in apparently all git clients where if you’re using a case-insensitive filesystem (e.g. Windows or OSX), somebody could overwrite your .git/config directory, resulting in running commands on your local box. Short story, upgrade your git clients. More info

Re: [DISCUSS] Issues with Ubuntu instance creation

2014-12-08 Thread John Kinsella
> On Dec 8, 2014, at 8:10 AM, Tim Mackey wrote: > > I've been working through a series of issues getting Ubuntu 12.04 LTS > templates to provision correctly, and I *think* most are really doc issues, > but before I run off and update docs I wanted to confirm that I'm doing the > right thing.

[CVE-2014-7807] Apache CloudStack unauthenticated LDAP binds

2014-12-08 Thread John Kinsella
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 CVE-2014-7807: Apache CloudStack unauthenticated LDAP binds CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P Vendors: The Apache Software Foundation Citrix, Inc. Versions Affected: Apache CloudStack 4.3, 4.4 Description: Apache CloudStack may be configured
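The advisory text above is cut off, so the following is an added illustration of the bug class its title names, not CloudStack's own LDAP authenticator and not a description of how CloudStack was fixed. LDAP simple bind treats a bind request that carries a DN and an empty password as an "unauthenticated" bind: many directory servers accept it and the connection ends up anonymous, so a login routine that only asks "did the bind succeed?" will let anyone in by submitting a valid username and a blank password. The in-memory `FakeLdapServer`, its user table, and the two `login_*` functions are all constructed here for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

SUCCESS = "success"
INVALID_CREDENTIALS = "invalidCredentials"


@dataclass
class FakeLdapServer:
    """Constructed stand-in for a directory server (not a real LDAP library).

    simple_bind() models the common server behaviour behind "unauthenticated
    bind": a DN with an empty password succeeds, but the resulting authorization
    identity is anonymous rather than the DN that was supplied.
    """
    users: Dict[str, str] = field(default_factory=dict)  # dn -> password

    def simple_bind(self, dn: str, password: str) -> Tuple[str, Optional[str]]:
        if dn and password == "":
            # Unauthenticated bind: accepted, but as the anonymous identity.
            return SUCCESS, None
        if dn in self.users and self.users[dn] == password:
            return SUCCESS, dn
        return INVALID_CREDENTIALS, None


def login_vulnerable(server: FakeLdapServer, dn: str, password: str) -> bool:
    """Treats any successful bind as a successful login.

    A blank password yields a successful (anonymous) bind, so this returns
    True for any known DN with no password at all.
    """
    result, _authz = server.simple_bind(dn, password)
    return result == SUCCESS


def login_hardened(server: FakeLdapServer, dn: str, password: str) -> bool:
    """Refuses empty credentials up front and, as a second line of defence,
    requires that the server bound the connection as the requested DN and not
    as the anonymous identity."""
    if not dn or not password:
        return False
    result, authz = server.simple_bind(dn, password)
    return result == SUCCESS and authz == dn


if __name__ == "__main__":
    # Constructed directory with one account.
    directory = FakeLdapServer({"uid=alice,ou=people,dc=example,dc=org": "s3cret"})
    alice = "uid=alice,ou=people,dc=example,dc=org"
    print("vulnerable, blank password:", login_vulnerable(directory, alice, ""))
    print("hardened, blank password:  ", login_hardened(directory, alice, ""))
    print("hardened, real password:   ", login_hardened(directory, alice, "s3cret"))
```

The empty-password check belongs in the application regardless of how the directory is configured: a server can also be told to reject unauthenticated binds, but the application cannot assume every deployment has done so, and checking the returned authorization identity catches a server that silently downgraded the bind.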

Re: A secure way to reset VMs password

2014-12-05 Thread John Kinsella
>>>>> >>>>> You would need client-side certs as well since the password server >>> needs to be >>>>> able to validate WHO is asking for the password. Currently it is based >>> on the >>>>> client's IP addr

Re: A secure way to reset VMs password

2014-12-02 Thread John Kinsella
ows version, so > what did we do? Should we write it from scratch? Why it isn't open?I open a > jira ticket, if you have any comment or suggestion please write > there.https://issues.apache.org/jira/browse/CLOUDSTACK-8009 > Thanks > From: John Kinsella > To: "&quo

Re: A secure way to reset VMs password

2014-12-02 Thread John Kinsella
n ssh key has a passphrase... Excuse any typos - sent from mobile device > On Dec 2, 2014, at 22:01, Carlos Reátegui wrote: > > I’m all for providing choice, but not when one of them is not a good/secure > one. > > >> On Dec 2, 2014, at 9:48 PM, John Kinsella wrote: &

Re: A secure way to reset VMs password

2014-12-02 Thread John Kinsella
not available to anybody else (of course a MITM could >> sniff the first exchange). >> >> You could eliminate a lot of MITM-style attacks by running the password >> server locally on each hypervisor (hard for VMW), or by attaching an ISO >> (containi

Re: A secure way to reset VMs password

2014-12-02 Thread John Kinsella
ld sniff > the first exchange). > > You could eliminate a lot of MITM-style attacks by running the password > server locally on each hypervisor (hard for VMW), or by attaching an ISO > (containing the password) to the VM. > > From: John Kinsella mailto:j...@stratosec.co>

Re: A secure way to reset VMs password

2014-12-02 Thread John Kinsella
That password reset infrastructure has bigger issues than just SSL. The server side works, but that’s about all I can say for it. This topic comes up every 6-12 months. :) I thought there was a Jira entry but I can’t find it…personally I’d love to see the client and server sides both rewritten

Re: Shellshock

2014-09-30 Thread John Kinsella
I’m not worried about any specific use-case, but I’d rather not have vulnerable software running on SSVMs in general. John On Sep 30, 2014, at 2:47 PM, Sheng Yang mailto:sh...@yasker.org>> wrote: The parameters of system() function have been verified as valid IP/netmask format by script, so I

Re: Shellshock

2014-09-26 Thread John Kinsella
spawns. On Fri, Sep 26, 2014 at 2:56 PM, John Kinsella mailto:j...@stratosec.co>> wrote: I just tried some older virtual routers, and they are: root@r-163-VM:~# env x='() { :;}; echo OOPS' bash -c /usr/bin/true OOPS bash: /usr/bin/true: No such file or directory That said, yo

Re: Shellshock

2014-09-26 Thread John Kinsella
I just tried some older virtual routers, and they are: root@r-163-VM:~# env x='() { :;}; echo OOPS' bash -c /usr/bin/true OOPS bash: /usr/bin/true: No such file or directory That said, you can only ssh to them from the local hypervisor. Not sure if there’s any exposure on the http side. Running
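The one-liner John ran above is the standard Shellshock canary: a bash that still parses function definitions out of arbitrary environment variables executes the trailing `echo OOPS` when it starts. The script below, which is an added example and not something from the thread or from CloudStack, wraps that check so it can be run against a specific bash binary (for instance one copied out of a system VM image) and returns a status instead of relying on eyeballing the output. It uses the `true` builtin rather than `/usr/bin/true`, since, as John's own output shows, that path does not exist on the virtual router. The `NO_BASH`, `PATCHED` and `VULNERABLE` labels are names chosen here.

```python
import os
import shutil
import subprocess

CANARY = "OOPS"


def classify_shellshock_output(stdout: str, canary: str = CANARY) -> str:
    """Interpret the output of the canary run: if the canary string came out,
    the code appended to the function definition in the env var was executed."""
    return "VULNERABLE" if canary in stdout else "PATCHED"


def check_shellshock(bash: str = "bash", canary: str = CANARY) -> str:
    """Run the Shellshock canary against the given bash and return
    'VULNERABLE', 'PATCHED' or 'NO_BASH' (binary not found).

    Equivalent to:  env x='() { :;}; echo OOPS' bash -c true
    """
    path = bash if os.sep in bash else shutil.which(bash)
    if not path or not os.path.isfile(path):
        return "NO_BASH"
    env = dict(os.environ)
    # The payload: a function body followed by a command that a fixed bash
    # must never run when importing the variable.
    env["x"] = "() { :;}; echo " + canary
    proc = subprocess.run(
        [path, "-c", "true"],
        env=env,
        capture_output=True,
        text=True,
        timeout=10,
    )
    return classify_shellshock_output(proc.stdout, canary)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "bash"
    print(f"{target}: {check_shellshock(target)}")
```

Point it at the bash inside a mounted system VM root (for example `python3 shellshock_check.py /mnt/systemvm/bin/bash`) to audit a template without booting it; a chroot is not needed because the canary only exercises environment import at startup.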

Re: [DISCUSS] CloudStack Future

2014-09-17 Thread John Kinsella
Ah, from that POV. Gotchya. I think also making it easier to develop the UI would help. Feels like a big black box to me, and probably to others… On Sep 16, 2014, at 10:37 PM, Rohit Yadav mailto:rohit.ya...@shapeblue.com>> wrote: So, most of the developers of CloudStack don’t use it as a user.

Re: [DISCUSS] CloudStack Future

2014-09-16 Thread John Kinsella
I love seeing thoughts/actions around organizing. but… (Rohit, you keep doing good stuff and I keep popping up to be negative, sorry :) ) Can we do this within the ASF infrastructure? Trello is cool (I’ve used it internally in the past) but can’t we do this on a Confluence page? This allows f

Re: IPv6 ~ Basic Network

2014-09-12 Thread John Kinsella
SG. > > So Router Advertisements are a very easy option to use. > >> Any thoughts? >> >> Lucian >> >> -- >> Sent from the Delta quadrant using Borg technology! >> >> Nux! >> www.nux.ro >> >> - Original Message - &g

Re: [DISCUSS] Changing the way password reset works, or allowing the cloud-init way

2014-08-27 Thread John Kinsella
more secure. E.g.,: * HTTPS * Client authentication Another idea might be to attach a volume to the VM with the password, but hot plug detection varies widely from OS/Hypervisor combinations. HTTP(s) is the lowest common denominator, but it has some trade-offs. From: John Kinsella ma

Re: [DISCUSS] Changing the way password reset works, or allowing the cloud-init way

2014-08-27 Thread John Kinsella
; more secure. E.g.,: > > * HTTPS > * Client authentication > > Another idea might be to attach a volume to the VM with the password, but hot > plug detection varies widely from OS/Hypervisor combinations. > HTTP(s) is the lowest common denominator, but it has some

Re: Filesystem XFS

2014-08-27 Thread John Kinsella
Besides network filesystems, CloudStack should be filesystem-agnostic. It’s an application that sits on top of whatever FS you pick. On Aug 27, 2014, at 5:11 AM, mo wrote: > Hello Dev Folks, > > Is there any particular filesystem that Cloudstack does not appreciate. I was > considering doing

Re: [DISCUSS] Changing the way password reset works, or allowing the cloud-init way

2014-08-26 Thread John Kinsella
On Aug 26, 2014, at 1:34 PM, Erik Weber wrote: > If I understand correctly, we currently deploy a web server on port 8080 on Slight correction: A process on the VR listens on port 8080, and hands any connections to a UNIX script. Calling it a "web server" is way too kind. Also, you’re just l

Re: [VOTE] Adapting git workflow for release branches

2014-08-20 Thread John Kinsella
Let’s keep this civil, folks.

Re: IPv6 ~ Basic Network

2014-08-20 Thread John Kinsella
Please do - we started tinkering with ipv6 ages ago, never got it to production, tho. On Aug 20, 2014, at 3:48 PM, Nux! wrote: > Thanks Wido for the idea, then. :-) > I'll gladly share it with you guys should I come up with something that works. > > Lucian > > -- > Sent from the Delta quadran

Re: KVM + LXC on the same host

2014-06-06 Thread John Kinsella
Hey Ilya - So, for about a month now we’ve had a system running SmartOS[1], which gives a combination of containers and KVM, albeit on illumos instead of linux. In general I’m not impressed by SmartOS’s story, but we had one customer asking for it (and I sorta expect more, we’re not officially

Re: [DISCUSS] Introducing Gerrit for quality? was: [PROPOSAL] Using continuous integration to maintain our code quality...

2014-06-06 Thread John Kinsella
+1 seems like a good idea. On Jun 6, 2014, at 4:26 PM, Sheng Yang mailto:sh...@yasker.org>> wrote: Hi all, Seems it's a good timing to bring back the discussion about the gerrit. We want to do CI, and improve our code quality. One obvious way of doing and reduce the workload of devs is introdu

[ANNOUNCE] Demetrius Tsitrelis as committer

2014-06-06 Thread John Kinsella
Folks - this one’s a little belated - we went through the invite process around the time of the mail issues, and somehow we didn’t send the announcement to dev@. I noticed while doing some housekeeping this week, and wanted to send out the announcement anyways just to give Demetrius the recognitio

[ANNOUNCE] Amogh Vasekar as committer

2014-06-02 Thread John Kinsella
The Project Management Committee (PMC) for Apache CloudStack has asked Amogh Vasekar to become a committer and we are pleased to announce that he has accepted. Being a committer allows many contributors to contribute more autonomously. For developers, it makes it easier to submit changes and elimi

REMINDER realhostip going away

2014-04-17 Thread John Kinsella
Reminder, folks - please migrate off realhostip.com or you’re going to get a nasty surprise this summer. More info at link below. https://blogs.apache.org/cloudstack/entry/realhostip_service_is_being_retired

Re: OpenSSL vulnerability (bleedheart)

2014-04-10 Thread John Kinsella
:10 PM, Kelven Yang mailto:kelven.y...@citrix.com>> wrote: What is the process name of that daemon in CPVM? I remember that we only have SSH and HTTPS port open in console proxy, and the later one is running Java based SSL engine. Kelven On 4/9/14, 1:38 PM, "John Kinsella

Re: OpenSSL vulnerability (bleedheart)

2014-04-09 Thread John Kinsella
ween 2 trusted IPs - Also this should only affect SSVM template from 4.2 onwards as only wheezy is affected Thanks Animesh -Original Message- From: John Kinsella [mailto:j...@stratosec.co] Sent: Wednesday, April 09, 2014 11:07 AM To: dev@cloudstack.apache.org<mailto:dev@cloudstack.a

Re: OpenSSL vulnerability (bleedheart)

2014-04-09 Thread John Kinsella
y not insulting/condescending) On Apr 9, 2014, at 10:19 AM, John Kinsella mailto:j...@stratosec.co>> wrote: To my knowledge, no code change is necessary just a rebuild. - j Please excuse typos - sent from mobile device. - Reply message - From: "Rayees Namathponnan" ma

Re: OpenSSL vulnerability (bleedheart)

2014-04-09 Thread John Kinsella
Folks - unfortunately there’s an error in my blog post last night. On Debian, you need to update both openssl and libssl, updating openssl by itself is not good enough. I knew this, had it in a draft but somehow that didn’t make it into the post. I’ll blame lack of sleep. Blog post has been upd

Re: OpenSSL vulnerability (bleedheart)

2014-04-09 Thread John Kinsella
To my knowledge, no code change is necessary just a rebuild. - j Please excuse typos - sent from mobile device. - Reply message - From: "Rayees Namathponnan" To: "dev@cloudstack.apache.org" Subject: OpenSSL vulnerability (bleedheart) Date: Wed, Apr 9, 2014 10:13 AM Even if we get lates

Re: OpenSSL vulnerability (bleedheart)

2014-04-08 Thread John Kinsella
/how_to_mitigate_openssl_heartbleed On Apr 8, 2014, at 6:21 PM, John Kinsella wrote: > Folks - we’re aware of the OpenSSL issue, and are working with vendors to > release mitigation instructions for ACS. > > Hoping to have something out later this evening. > > John > > On Apr 8, 2014

Re: OpenSSL vulnerability (bleedheart)

2014-04-08 Thread John Kinsella
Folks - we’re aware of the OpenSSL issue, and are working with vendors to release mitigation instructions for ACS. Hoping to have something out later this evening. John On Apr 8, 2014, at 8:12 AM, Paul Angus mailto:paul.an...@shapeblue.com>> wrote: A vulnerability has been found in OpenSSL h

REMINDER please send security issues to security@

2014-03-28 Thread John Kinsella
Folks - in the last week or three we’ve had 2 Jira issues created for security-related issues. In both cases, they seem to be false-positives, luckily. If you think you have found a security issue in ACS, please email secur...@cloudstack.apache.org. This gives us a chance to investigate and cr

Re: Still need SSVM SSL config docs

2014-03-25 Thread John Kinsella
nerate the correct certificate. I will submit a pull request based on similar lines as console proxy soon. Thanks, Amogh On 3/24/14 11:32 PM, "John Kinsella" wrote: Everyone - I believe we’re still missing documentation on how to configure ACS 4.3 to use a user-provided SSL certifica

Still need SSVM SSL config docs

2014-03-24 Thread John Kinsella
Everyone - I believe we’re still missing documentation on how to configure ACS 4.3 to use a user-provided SSL certificate for SSVM file copies? Pretty sure I know the answer, so consider this a request for that documentation, at least in wiki form. I’ve submitted a pull request for updates to t

Re: Simulator Component under Jira

2014-03-21 Thread John Kinsella
done On Mar 21, 2014, at 1:18 AM, Santhosh Edukulla wrote: > Team, > > Currently, it seems we don't have a component by name Simulator under jira, > This component can be used for any changes we do and issues raised against > simulator. > > Please, some body with permissions can add it. >

Re: Review Request 12228: static resource compression

2014-03-21 Thread John Kinsella
Canya tell us a little more about the test you’re doing? What URL are you fetching, how many times etc. Just curious to tinker myself this weekend if I have some time. :) On Mar 21, 2014, at 1:07 PM, Laszlo Hornyak mailto:laszlo.horn...@gmail.com>> wrote: -

Re: Review Request 12228: static resource compression

2014-03-20 Thread John Kinsella
Laszlo, can you reference any other open source projects that have similar solutions to this issue? Anything I’ve read states dynamic compression in tomcat/httpd/nginx does not add significant CPU overhead. On Mar 20, 2014, at 12:53 PM, Laszlo Hornyak mailto:laszlo.horn...@gmail.com>> wrote:

Re: Resetting a VM is broken?

2014-03-20 Thread John Kinsella
Mike - There is a way to restore disks in destroyed state before they are expunged. It requires shutting down management server, modifying database directly, and keeping a good stock of potential offerings near your data recovery shrine. I’m going to be covering this in my CCC Denver talk. Joh

Re: RealHostIp

2014-03-19 Thread John Kinsella
+1 on avoiding 8.8.8.8. Nothing good comes from google knowing your dns resolution history... (or whatever other free dns resolvers) On Mar 19, 2014, at 2:08 PM, Nux! wrote: > On 19.03.2014 19:37, Alex Hitchins wrote: >> It's my DNS, it just won't play ball with this one domain. >> I will try

Re: [ANNOUNCE] Change of Apache CloudStack PMC Chair

2014-03-19 Thread John Kinsella
Chip - your balanced viewpoint has kept ACS moving forward in leaps and bounds. I greedily hope you’ll continue to stay involved, no matter what $dayjob says. :) Congrats Hugo - looking forward to another great year! On Mar 19, 2014, at 1:51 PM, Chip Childers wrote: > Per our project bylaws,

Re: RealHostIp

2014-03-19 Thread John Kinsella
I can’t ping the NS servers, but they do respond to queries… On Mar 19, 2014, at 2:37 AM, Alex Hitchins wrote: > I can't ping RealHostIp, has the service been properly taken down? An > NSLOOKUP didn't resolve any nameservers at all. > > Alex > > . > > Need Enterprise Grade Support for Apache

Re: 4.3 vote

2014-03-17 Thread John Kinsella
btw, what I’m doing here is based on http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/pom.xml?r1=1355738&r2=1357818&pathrev=1357818&diff_format=h On Mar 17, 2014, at 10:34 PM, John Kinsella mailto:j...@stratosec.co>> wrote: >From my last few hours tinkerin

Re: [VOTE] Apache CloudStack 4.3.0 (eighth round)

2014-03-17 Thread John Kinsella
I’ll be committing the patch to master in the morning unless I hear otherwise. On Mar 17, 2014, at 2:56 PM, Animesh Chaturvedi mailto:animesh.chaturv...@citrix.com>> wrote: -Original Message- From: John Kinsella [mailto:j...@stratosec.co] Sent: Monday, March 17, 2014 2:48 PM T

Re: 4.3 vote

2014-03-17 Thread John Kinsella
awsapi I haven’t run this through functional testing yet, but the results look promising. On Mar 6, 2014, at 4:14 PM, John Kinsella wrote: > David was seeing this as well. This is is a documented problem at > https://issues.apache.org/jira/browse/RAMPART-393. > > I just spun up a VM

Re: [VOTE] Apache CloudStack 4.3.0 (eighth round)

2014-03-17 Thread John Kinsella
Prachi who worked on awsapi, maybe they can help -sebastien On Mar 17, 2014, at 2:25 PM, John Kinsella mailto:j...@stratosec.co>> wrote: Before we go to 9th round, let’s get https://issues.apache.org/jira/browse/CLOUDSTACK-6156 resolved. I’m pretty busy this week, but will see if I can

Re: [VOTE] Apache CloudStack 4.3.0 (eighth round)

2014-03-17 Thread John Kinsella
Before we go to 9th round, let’s get https://issues.apache.org/jira/browse/CLOUDSTACK-6156 resolved. I’m pretty busy this week, but will see if I can come up with. Just tried doing a clean awsapi build on a clean AWS instance again and it still fails. On Mar 12, 2014, at 5:26 PM, Animesh Chatu

Re: Release cadence

2014-03-17 Thread John Kinsella
I am in agreement with my radical CloudStack brother. On Mar 13, 2014, at 9:42 AM, David Nalley wrote: > The RC7 vote thread contained a lot of discussion around release > cadence, and I figured I'd move that to a thread that has a better > subject so there is better visibility to list particip

Re: [PROPOSAL] Enhance the cloudstack events to include more information

2014-03-17 Thread John Kinsella
I didn’t see comments from others, but this sounds great to me. More info is always better IMHO. On Mar 11, 2014, at 2:31 AM, Sonal Ojha mailto:sonal.o...@sungard.com>> wrote: Currently the event logged in CloudStack doesn't give detailed information about the event that has occurred. The infor

Re: [DISCUSS] realhostip.com going away

2014-03-11 Thread John Kinsella
The console technology doesn’t really matter. The encryption is the part of concern. You have two choices: * Shared secret: set up a crypto password in advance, get it onto the CPVM and browser in some secure manner. Basically, however you do this you’re compromised once somebody sniffs the con

Re: [DISCUSS] realhostip.com going away

2014-03-10 Thread John Kinsella
I mentioned their response on 3/3. Basically "their position is they think they’d be doing the community a disfavor by passing the torch” (quoting my previous email, not a direct quote from them but this is their position) The realhostip cert provides a false sense of security, so I can’t think

Re: [DISCUSS] realhostip.com going away

2014-03-09 Thread John Kinsella
Folks - just applied Amogh’s patch to 4.3-forward, and back ported that to master. Two steps left on the code side: * Need to get this retirement into the 4.3 docs * Need to backport this to 4.2 John On Feb 28, 2014, at 12:27 PM, John Kinsella mailto:j...@stratosec.co>> wrote:

[4.3][Cherry-pick] realhostip changes

2014-03-09 Thread John Kinsella
Animesh - please pick the commit below from 4.3-forward into 4.3. This is for CLOUDSTACK-6204. 2fe7aeea23ddef25224e3e248f0a91513a14811f John

Re: Review Request 18759: HTTP support for console proxy and making it default

2014-03-09 Thread John Kinsella
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/18759/#review36614 --- Ship it! Ship It! - John Kinsella On March 7, 2014, 12:32 a.m

Re: [DISCUSS] realhostip.com going away

2014-03-07 Thread John Kinsella
Soo…I’d recommend against something like Nux’s suggestion below. I’ve only looked briefly at VirtualDNS.java, and it looks fine from a glance, but I’m willing to bet I can a) DOS it, and b) use it for a reflection attack. I could be wrong, don’t really have time to look closely, but based on it

Re: 4.3 vote

2014-03-07 Thread John Kinsella
our next RC. > >> -Original Message----- >> From: John Kinsella [mailto:j...@stratosec.co] >> Sent: Thursday, March 06, 2014 4:14 PM >> To: dev@cloudstack.apache.org >> Subject: Re: 4.3 vote >> >> David was seeing this as well. This is is a d

Re: [DISCUSS] realhostip.com going away

2014-03-06 Thread John Kinsella
So - I’ve browsed around a little after pondering the idea of doing crypto at the JS level, but I can’t seem to make the argument and keep a straight face. I did find a JS library [1] that would probably work, but still you’re left with 2 issues: 1) gotta get the library securely to the browser

Re: 4.3 vote

2014-03-06 Thread John Kinsella
.758s] [INFO] [INFO] BUILD SUCCESS [INFO] -Original Message- From: John Kinsella [mailto:j...@stratosec.co] Sent: Wednesday, March 05, 2014 11:51 AM To: dev@cloudstack.apache.or

Re: apidocs build failure

2014-03-06 Thread John Kinsella
Can’t quite tell if that’s the same as what I was seeing - haven’t tried for a few days http://markmail.org/thread/6drub4m2xgrgtfxt On Mar 6, 2014, at 2:12 PM, Alex Hitchins mailto:alex.hitch...@shapeblue.com>> wrote: Just trying a build against 4.3 (not 4.3-forward) and I get the following err

Re: Review Request 18759: HTTP support for console proxy and making it default

2014-03-06 Thread John Kinsella
main")) WHERE `name`="secstorage.ssl.cert.domain"; work? 2) What happens here if a install already has changed away from realhostip.com? - John Kinsella On March 5, 2014, 8:47 p.m., Amogh Vasekar wrote: > > --

Re: 4.3 vote

2014-03-05 Thread John Kinsella
issues. John On Mar 5, 2014, at 11:10 AM, Animesh Chaturvedi mailto:animesh.chaturv...@citrix.com>> wrote: John when was the dependency broken? Are you not able to build AWSAPI? -Original Message- From: John Kinsella [mailto:j...@stratosec.co] Sent: Wednesday, March 05, 2014 11:00

Re: 4.3 vote

2014-03-05 Thread John Kinsella
FYI I’m still -1 until CLOUDSTACK-6156 and https://reviews.apache.org/r/18392/ are addressed. On Mar 5, 2014, at 10:10 AM, Animesh Chaturvedi wrote: > > >> -Original Message- >> From: sebgoa [mailto:run...@gmail.com] >> Sent: Wednesday, March 05, 2014 7:58 AM >> To: dev@cloudstack.apa

Re: [DISCUSS] realhostip.com going away

2014-03-05 Thread John Kinsella
t at : https://reviews.apache.org/r/18759/ that partially address the issue. It has a link to the wiki describing the changes in detail. Thanks, Amogh On 3/3/14 8:58 AM, "John Kinsella" mailto:j...@stratosec.co>> wrote: I talked with some of the Citrix folk over the weekend…their position is th
